(57) Abstract: The invention relates to a portable, electronic device (201) such as a mobile phone. The device is provided with a transponder (202) and may be used for authentication purposes. The device includes means (204) for writing user-specific information into a memory unit (203), included in the transponder (202). Thus, when an interrogating reading device stimulates the transponder, the transponder emits the user-specific information. This enables authentication of a user rather than of a device. In a preferred embodiment use is made of a user-specific key, by means of which a single-use code is generated, which is used as the emitted user-specific information. The invention also relates to a method and a system, which may work in connection with such a device.

APPARATUS, METHOD AND SYSTEM FOR AUTHENTICATION

Field of the invention 

The invention relates to a portable, electronic device according to the preamble of claim 1, a method for use in an interrogating apparatus according to claim 10 and a system for authenticating a user according to the preamble of claim 13.

Technical background

RFID-transponders, sometimes referred to as RFID-tags (RFID = Radio Frequency Identification), are widely used for recognizing persons and objects.

An RFID-transponder may be devised as a small tag and carries stored information, such as an identity number, identifying an object or a person. In order to retrieve the stored information an interrogating apparatus is used. The apparatus emits an interrogating radio signal or field, which causes the RFID-transponder to reply with a signal, comprising the stored information. The interrogating apparatus may then receive the reply signal.

Such RFID transponders are used for instance in connection with access control or as an alternative to barcodes. In other common applications RFID transponders are used in car immobilisers and for identifying domestic animals.

It has been suggested to provide portable, electronic devices, such as mobile phones, with RFID transponders. This enables additional functionalities in connection with such devices. For instance, a mobile phone may then be used also as an access control card. Such functionalities often need strong security.

A problem with using such devices in this manner is that they are sometimes stolen, lost, sold or given away. Any access right or user registration given to the associated RFID transponder identity is then inherited by the new possessor of the device. This implies a lack of security, since the device may be misused, and makes portable, electronic devices with RFID-transponders less credible.

Summary of the invention 
One object of the present invention is to wholly or partly obviate the above-mentioned problems.

This object is achieved with a portable, electronic 
device as defined in claim 1, a method as defined in 
claim 10 and a system as defined in claim 13. 

In accordance with a first aspect, the invention more specifically relates to a portable electronic device comprising a transponder with a memory unit. The device is characterised by means for writing user-specific information into the transponder memory unit, so that the transponder, upon receiving an interrogating signal, generates a response signal comprising the user-specific information.

In such a device the RFID-functionality is not statically tied to the device itself, but rather to the user of the device. This eliminates the problem associated with portable, electronic devices changing hands as described above.

Preferably, a portable, electronic device may comprise a detachable subscriber unit from which the user-specific information is retrieved. Such a unit may in the case of a GSM mobile phone be a SIM-unit, which then provides user-specific information which is independent of the phone used.

In a preferred embodiment the portable, electronic device comprises calculating means for calculating an authentication code, included in the user-specific information. This provides for the use of user-specific information that is used only once, thus providing improved credibility. If a detachable subscriber unit is used, the calculating means may preferably be located within this unit.

Preferably, the authentication code may be calculated based on a user-specific key, a request code and using an algorithm. This allows excellent credibility and may be readily implemented in systems where such algorithms are used for other reasons, such as for instance in GSM-systems. Then the request code may preferably be comprised in the interrogating signal, received by the portable, electronic device.

In another embodiment, the user-specific information may be a user identity number, such as for instance an IMSI-number. This allows a simple way of performing authentication.

The portable, electronic device may preferably be a GSM mobile phone.

The transponder may preferably be intended to be used as an RFID-tag.

According to a second aspect, the invention relates to a method for use in an interrogating apparatus for authenticating a user, who is carrying a portable, electronic device, comprising a transponder with a memory unit. The method comprises the steps of: transmitting a transponder interrogating signal to the transponder of the portable device; receiving a response signal, comprising user specific information, from the transponder, said user-specific information being written, by means in the portable, electronic device, into a memory unit of the transponder; and determining the authenticity of the user based on the user-specific information.

Similarly to the above-mentioned device, this method provides reliable and user-oriented authentication.

Preferably in the method, the transponder interrogating signal comprises a request code, allowing the portable device to calculate an authentication code to be transmitted by the transponder, the calculation being based on the request code and a user-specific key and using an algorithm. The response signal comprises this authentication code. The received authentication code is then compared with an authentication code calculated in the same way on the apparatus' side of the air interface. Then the authenticity of the user is determined based on the comparison. Such a method provides excellent credibility.

Preferably in the method, the transponder may be intended to be used as an RFID-tag.

In accordance with a third aspect, the invention relates to a system for authenticating a user, carrying a portable, electronic device, comprising a transponder with a memory unit. The system comprises an interrogating apparatus and is characterised by means in the interrogating apparatus for transmitting a transponder interrogating signal to the transponder of the portable device; means in the interrogating apparatus for receiving a response signal, comprising user specific information, from the transponder, said user-specific information being written, by means in the portable, electronic device, into a memory unit of the transponder; and means for determining the authenticity of the user based on the user-specific information.

Such a system may operate in connection with or include a portable, electronic device and provides user-oriented authentication with high credibility.

Preferably in the system, the transponder interrogating signal comprises a request code, allowing the portable, electronic device to calculate an authentication code, to be transmitted by the transponder, the calculation being based on the request code and a user-specific key and using an algorithm. The response signal comprises the authentication code and the system comprises means for comparing the received authentication code with an authentication code calculated in the same way on the apparatus' side of the air interface. The system furthermore comprises means for determining the authenticity of the user based on the comparison. Such a system provides excellent credibility.

In a preferred embodiment, the transponder is intended to be used as an RFID-tag.

Brief description of the drawings 
Fig 1 illustrates the basic concept of RFID-transponders.

Fig 2 shows a block diagram of a portable, electronic device according to an embodiment of the invention.

Fig 3a-3c illustrate embodiments of the invention with features for enhanced security.

Description of preferred embodiments 

RFID tags (RFID = Radio Frequency Identification) or RFID transponders are information carriers widely used in modern technology. The well known basic concept of RFID transponders is illustrated by means of an example in Fig 1, wherein a transponder 101 (shown enlarged) is attached to an object 102, from which information is to be retrieved by means of an interrogating apparatus 103, sometimes referred to as a reading device.

The transponder 101 comprises an antenna 104 and an integrated circuit (IC) 105, which comprises a transponder memory unit. In order, for instance, to identify the object 102, the interrogating apparatus transmits a request radio signal 106, emitted as an electromagnetic field, which is picked up by the transponder antenna 104 and fed to the transponder IC 105. This causes the transponder 101 to transmit a reply signal 107 comprising information which is stored in the transponder memory unit in the IC 105. The information may be information identifying the object 102. Transmission is carried out using the transponder antenna 104. The reading device thus receives information from the transponder.

There are passive transponders and active transponders. Passive transponders have no internal power supply. Instead, passive transponders use the energy in the received interrogating signal to create the reply signal. Active transponders on the other hand are provided with, or connected to, some kind of power supply.

The transponder IC may be programmed with information in different ways. Information may be permanently embedded into the hardware when the IC is manufactured. It may also be fed to the IC using wires, or from an interrogating apparatus by means of the air interface. Hence, there are read-only as well as read/write transponders.

Transponder operating frequencies vary from 30 kHz (low-frequency transponders) to more than 2.5 GHz (high-frequency transponders). The stored information quantity varies from a few bytes (passive read-only transponders) up to 1 MB (active read/write transponders). Reading ranges vary from a few centimetres to tens of metres.

An advantage with transponders compared with other information carriers, such as for instance bar codes, is that line-of-sight between reading device (interrogating apparatus) and information carrier (transponder) is not required. The time required to read a transponder is often less than 100 ms.

Fig 2 shows a block diagram of a portable, electronic device 201 according to an embodiment of the invention. In this embodiment, the device 201 is a GSM mobile telephone. When such a telephone is used, a SIM-module (SIM = Subscriber Identity Module), which is a detachable subscriber unit, is inserted into the phone. The SIM-module contains user-specific data and is accessible for the CPU (CPU = Central Processing Unit) of the telephone.

In this embodiment the telephone comprises an interface 204 between the CPU and the memory unit 203 of an RFID transponder 202 integrated into the telephone. This interface allows the telephone CPU to write user-specific information into the transponder memory unit 203 in the transponder IC. Preferably, the interface 204 allows the CPU both to write information into the memory unit 203 and to read information from the memory. Moreover, it may be advantageous if the interface 204 allows the memory unit to provide interrupt signals to the CPU, for instance if the transponder has received an interrogating signal. In this embodiment the CPU retrieves the IMSI-number (IMSI = International Mobile Subscriber Identity) from the SIM-module. IMSI is a number with up to 15 digits that uniquely identify a subscriber and hence a user. The interface between the CPU and the transponder may be utilised by software-implemented functionalities, and may allow information to be transferred in both directions between the transponder and the CPU.

The SIM-module and the IMSI-number are standard features of GSM systems. Security may be enhanced by requiring a PIN-code for activating the SIM-unit (PIN = Personal Identification Number). The user-specific data (IMSI) may then be written into the memory unit as soon as the PIN-code has been entered.

The CPU is devised to write the IMSI-number or a code derived from the IMSI-number to the transponder memory unit. Upon interrogation, the transponder now transmits the IMSI-number, and hence user-specific information, to an interrogating apparatus.

If the identification procedure is associated with a payment, for instance the electronic payment of a bus ticket, this payment may preferably be effected via the user's mobile telephony subscription.

The invention may be used extensively in connection with, for instance, vending machines, access control systems, movie theatres etc. Such services need then be provided with an interrogating apparatus, capable of contacting a device according to an embodiment of the invention. If a payment is involved as described above, the user may preferably be asked to acknowledge the payment in the user interface of the device before being provided with the service (e.g. being let in at a movie theatre or a vending machine delivering goods).

Fig 3a-3c illustrate system embodiments of the invention with features for enhanced security. There is a risk that the transmission of the IMSI-number, as described in connection with fig 2, might be eavesdropped by a third party and may be misused by this party. In applications where this is critical, a more sophisticated approach may be considered.

GSM systems support features for authenticating a subscriber. These features involve a subscriber authentication key, Ki, and an authentication algorithm A3. In GSM systems, the SIM-module, when provided with a 128 bit pseudo random number, referred to as RAND, calculates, based on Ki and RAND and using A3, a signed response, SRES. This allows the mobile telephony system to authenticate a subscriber. The algorithm A3 is designed so that it is extremely difficult to calculate Ki with RAND, SRES and A3 at hand. RAND may be referred to as a request code, whereas SRES may be referred to as an authentication code.

This functionality may be utilised in connection with an embodiment of the invention, as illustrated in fig 3a. Then in a method an interrogating apparatus (IA) emits a signal/field comprising a RAND-number. This signal is received by the transponder antenna and fed to the transponder IC. The CPU in the portable, electronic device reads the RAND number from the IC and feeds the number to the SIM unit. In the SIM unit an SRES (signed response) is calculated based on the RAND number, the Ki of the SIM unit, and using the A3-algorithm. The SRES is delivered to the CPU, which then writes SRES, being user-specific information, into the memory of the transponder IC. Subsequently, the transponder emits a signal containing SRES, which may be received by the interrogating apparatus. The interrogating apparatus may now check that the received SRES matches with an SRES, calculated in the same way, but on the apparatus' side of the air interface, between the transponder and the interrogating apparatus.

It should be noted that this embodiment may preferably be combined with the first embodiment, i.e. that both the IMSI-number and SRES may be delivered.

There are different ways for the interrogating apparatus to obtain a RAND and an SRES that is indicative for a given subscriber. As a first alternative the interrogating apparatus may generate a random number RAND and then generate SRES itself. This, however, requires that the interrogating apparatus has knowledge of the authentication key, Ki. Such keys are normally kept very secret, for instance only in the SIM unit and in a single server, such as the user's HOME-MSC (MSC = Mobile Services Switching Centre). Therefore it is likely that the interrogating apparatus does not get access to the authentication key.

Instead, the interrogating apparatus may, as illustrated in fig 3b, generate RAND and request the corresponding SRES from such a server.

As an alternative, the interrogating apparatus may request, for a specific subscriber, a RAND and an SRES corresponding to this RAND. In order to use the correct authentication key, the server or interrogating apparatus, calculating the SRES, must know the identity of the subscriber. The interrogating apparatus may therefore, if the user identity is not already known, first obtain the user identity, for instance the IMSI-number, as described in connection with fig 2, and then perform authentication as described in connection with figs 3a-3c.

A third party, eavesdropping the IMSI, the RAND and the SRES, cannot authenticate himself as the subscriber vis-a-vis the interrogating apparatus, unless the interrogating apparatus uses the same RAND-number again, which is very unlikely (128 bit pseudo-random number, 2^128 possibilities). Therefore, SRES may be regarded as a single-use code and excellent credibility is achieved.
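
The exchange of fig 3b as an added example that is not part of the patent text: the interrogating apparatus generates RAND, the device returns SRES, and the apparatus compares it with the SRES obtained from the server holding Ki, accepting each RAND only once. A3 is replaced here by a truncated HMAC-SHA256 stand-in, and the class names, the 4-byte SRES length and the IMSI value are assumptions made for the sketch.

```python
import hashlib
import hmac
import secrets

SRES_LEN = 4  # assumption: 32-bit SRES, as in GSM


def a3_stand_in(ki, rand):
    """Stand-in for A3 (assumption): HMAC-SHA256(Ki, RAND), truncated."""
    return hmac.new(ki, rand, hashlib.sha256).digest()[:SRES_LEN]


class HomeServer:
    """Holds Ki per IMSI; hands out SRES values, never Ki itself."""
    def __init__(self):
        self._ki_by_imsi = {}

    def provision(self, imsi):
        ki = secrets.token_bytes(16)
        self._ki_by_imsi[imsi] = ki
        return ki  # the copy personalised into the SIM

    def sres_for(self, imsi, rand):
        ki = self._ki_by_imsi.get(imsi)
        return None if ki is None else a3_stand_in(ki, rand)


class Device:
    """Portable device: SIM (holding Ki) plus transponder memory unit."""
    def __init__(self, imsi, ki):
        self.imsi = imsi
        self._ki = ki
        self.transponder_memory = b""

    def on_interrogation(self, rand):
        # CPU reads RAND from the transponder IC, the SIM computes SRES,
        # and the CPU writes SRES into the transponder memory for emission.
        self.transponder_memory = a3_stand_in(self._ki, rand)
        return self.transponder_memory


class InterrogatingApparatus:
    def __init__(self, server):
        self._server = server
        self._outstanding = set()  # RANDs issued and not yet answered

    def challenge(self):
        rand = secrets.token_bytes(16)  # 128-bit request code
        self._outstanding.add(rand)
        return rand

    def verify(self, imsi, rand, sres):
        if rand not in self._outstanding:
            return False  # never issued here, or already consumed
        self._outstanding.discard(rand)  # each RAND is accepted once
        expected = self._server.sres_for(imsi, rand)
        return expected is not None and hmac.compare_digest(expected, sres)


def demo():
    server = HomeServer()
    imsi = "001010123456789"  # constructed test value
    device = Device(imsi, server.provision(imsi))
    reader = InterrogatingApparatus(server)
    rand1 = reader.challenge()
    sres1 = device.on_interrogation(rand1)
    genuine = reader.verify(imsi, rand1, sres1)
    # A recorded (IMSI, RAND, SRES) triple is useless afterwards:
    replay_same_rand = reader.verify(imsi, rand1, sres1)
    replay_fresh_rand = reader.verify(imsi, reader.challenge(), sres1)
    return genuine, replay_same_rand, replay_fresh_rand

if __name__ == "__main__":
    print(demo())
```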

The above example is related to the GSM-standard. The invention may also be used in connection with other types of mobile telephones, as long as user/subscriber-specific information is stored in the telephone.

The invention is however also useful in connection with other digital devices, such as for instance PDAs (PDA = Personal Digital Assistant). An RFID-transponder is then mounted in the PDA, and the PDA provides the transponder IC with user-specific information, which may be stored in the PDA or in a memory card inserted into the PDA.

It should also be noted that user-specific information may be manually entered into a portable, electronic device by using various user interfaces. A user may for instance enter a personal identity number or a subscriber number into a device, which number may then be used by the device to authenticate the user.

In summary, the invention relates to a portable, electronic device such as a mobile phone. The device is provided with a transponder and may be used for authentication purposes. The device includes means for writing user-specific information into a memory unit, connected with the transponder. Thus, when an interrogating reading device stimulates the transponder, the transponder emits the user-specific information. This enables authentication of a user rather than of a device. In a preferred embodiment use is made of a user-specific key, by means of which a single-use code is generated, which is used as the emitted user-specific information. The invention also relates to a method and a system, which may work in connection with such a device.

CLAIMS

1. Portable, electronic device (201) comprising a transponder (202) with a memory unit (203), characterised by means (204) for writing user-specific information into the transponder memory unit (203), so that the transponder (202), upon reception of an interrogating signal, generates a response signal comprising the user-specific information.

2. Portable, electronic device as claimed in claim 1, comprising a detachable subscriber unit (SIM) from which the user-specific information is retrieved.

3. Portable, electronic device as claimed in claim 1 or 2, comprising calculating means for calculating an authentication code (SRES), to be included in the user-specific information.

4. Portable, electronic device as claimed in claim 2 and 3, wherein the calculating means is located within the detachable subscriber unit (SIM).

5. Portable, electronic device as claimed in claim 3 or 4, wherein the authentication code (SRES) is calculated based on a user-specific key (Ki) and a request code (RAND) and using an algorithm (A3).

6. Portable, electronic device as claimed in claim 5, wherein the request code (RAND) is comprised in the interrogating signal, received by the portable electronic device.

7. Portable, electronic device as claimed in claim 2, wherein the user-specific information is a user identity number (IMSI).

8. Portable, electronic device as claimed in any one 
of the preceding claims, wherein the device is a mobile 
telephone. 

9. Portable, electronic device as claimed in any one of the preceding claims, wherein the transponder is intended to be used as an RFID-tag.

10. Method for use in an interrogating apparatus for authenticating a user, carrying a portable, electronic device, comprising a transponder with a memory unit, characterised by the steps:

- transmitting a transponder interrogating signal to the transponder of the portable device;

- receiving a response signal, comprising user specific information, from the transponder, said user-specific information being written, by means in the portable, electronic device, into a memory unit of the transponder; and

- determining the authenticity of the user based on the user-specific information.

11. Method as claimed in claim 10, wherein the transponder interrogating signal comprises a request code (RAND), allowing the portable device to calculate an authentication code (SRES), to be transmitted by the transponder, the calculation being based on the request code (RAND) and a user-specific key (Ki) and using an algorithm (A3); wherein the response signal comprises the authentication code (SRES); wherein the received authentication code (SRES) is compared with an authentication code calculated in the same way on the apparatus' side of the air interface; and wherein the authenticity of the user is determined based on the comparison.

12. Method as claimed in any of claim 10 or 11, 
wherein the transponder is intended to be used as an 
RFID-tag. 

13. System for authenticating a user, carrying a portable, electronic device, comprising a transponder with a memory unit, the system comprising an interrogating apparatus, characterised by

- means in the interrogating apparatus for transmitting a transponder interrogating signal to the transponder of the portable device;

- means in the interrogating apparatus for receiving a response signal, comprising user specific information, from the transponder, said user-specific information being written, by means in the portable, electronic device, into a memory unit of the transponder; and

- means for determining the authenticity of the user based on the user-specific information.

14. System as claimed in claim 13, wherein the transponder interrogating signal comprises a request code (RAND), allowing the portable, electronic device to calculate an authentication code (SRES), to be transmitted by the transponder, the calculation being based on the request code (RAND) and a user-specific key (Ki) and using an algorithm (A3); wherein the response signal comprises the authentication code (SRES); where the system comprises means for comparing the received authentication code (SRES) with an authentication code calculated in the same way on the apparatus' side of the air interface; and wherein the system comprises means for determining the authenticity of the user based on the comparison.

15. System as claimed in claim 13 or 14, wherein the transponder is intended to be used as an RFID-tag.